[AfrICANN-discuss] Harms and Concerns Posed by NXDOMAIN Substitution (DNS Wildcard and Similar Technologies) at Registry Level

[Anne-Rachel Inné]

Harms and Concerns Posed by NXDOMAIN Substitution (DNS Wildcard and Similar
Technologies) at Registry Level

24 November 2009

This explanatory
memorandum<http://www.icann.org/en/topics/new-gtlds/nxdomain-substitution-harms-24nov09-en.pdf>describes
the harms and concerns posed by NXDOMAIN substitution (commonly
implemented by the use of DNS wildcard) at the registry level. The paper is
a collection of the findings published by experts on the subject.

On 10 June 2009, the Security and Stability Advisory Committee (SSAC)
published an advisory stating that the redirection and synthesizing of DNS
responses (e.g., DNS wildcard) by TLDs poses a clear and significant danger
to the security and stability of the Domain Name System.

At its public meeting in Sydney in June 2009, the ICANN Board of Directors
resolved that new top-level domains should not use DNS redirection and
synthesizing of DNS responses.

In response to the Board resolution, ICANN staff included a prohibition
against redirection and synthesizing of DNS responses in the draft Registry
Agreement for new gTLDs. ICANN also included a similar commitment as part of
the request for new IDN ccTLDs in the proposed Terms and Conditions and in
the three proposed relationship options between ICANN and the IDN ccTLD
manager.
The Board also directed ICANN staff to report on the harms and concerns
posed by the use of redirection and synthesizing of DNS responses;
collectively, NXDOMAIN substitution.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.afrinic.net/pipermail/africann/attachments/20091125/96c26ff3/attachment.htm